Beppe is correct - quite a paradox.
* * * * * * *
But yes it can be done.
* * * * * * *
You will require an SEPM.
You will need the SEP CD1 which contains the unamanaged installer.
You will need to define many groups in your SEPM (depending on the firewall settings).
* * * * * * * * *
For point number 1 - it comes in 2 parts.
** Part 1 - 1 **
I will not redo the screenshots, but rather ask that you + 1 Barkha for his contribution in this link (once for the screenshot and once for the explanation)
https://www-secure.symantec.com/connect/forums/unlock-administrator-defined-scans
Essentially this is it:
Create a group in SEPM with the policies and all the settings the way you want them to be. I.E. Go to the AV/AS policy and set the scan schedule the way you want it (daily, weekly, hourly, etc.)
Setup you firewall rules the way you want them (removing the defaults or anything else you don't want)
When you export the package from SEPM, select the client group which has the policies the way you configured them for your clients. Add a check mark in the box to export, "export policy settings from the same group".
This will add the policy settings to the Managed client. Yes I said managed.
Preferably, you want to export as an .MSI
We now have one managed client install package - configured with the scan schedules, firewall rules, etc. that we want.
** Part 1 - 2 **
We now go to the installation folder with the unmanaged client. Here we will acquire the SYLINK.XML file which is very different from the one we just created in our managed client.
We go to our newly exported MSI file and replace the SYLINK.XML file with that which comes from the unmanaged client folder. Thus we turn our Managed export with all our settings into an Unmanaged client with all our settings.
* * * * * * * * * * * * * * *
OOPS! I guess I answered both of your questions above.
* * * Optional portion * * *
Now, since we have an MSI exported for our clients, which has multiple files... we might want to build a single MSI package for all this;
We can now build our own MSI package.
You can use such tools as:
- WPKG
- NSIS
- Wise Package Studio
- And many many more
* * * Very optional above * * *
If you dont need to do it, I wouldn't recommend it. Of course, it's good to have knowledge of re-packaging and packaging into MSI files. Just another notch in the IT ToolBelt - AKA skill set.